somjit{} 60 Junior Poster in Training Featured Poster

Your original question concerned installing an av program after a reformat

please dont leave me because my original post was abt something else than whats happening now... i hope that u guys know that im hopeless without these instructions ur giving me :( so please dont leave !!

somjit{} 60 Junior Poster in Training Featured Poster

and the very reason that i thought about the antivirus WAS because i was hoping for a solution that didnt involve completely reformating my machine. maybe the problems would go away if i did a full scan with a paid anti virus ( thats what i thought). but if it still didnt, then i would have resorted to reformating my drive, completely. but that was my last option.

somjit{} 60 Junior Poster in Training Featured Poster

You now do realize that a reformat in this case, if you decide to go that route, could possibly include all of your drives since there is infection on all drives.

yes.. i do.. but after coming this far, wouldnt like to do that..

somjit{} 60 Junior Poster in Training Featured Poster

i knew using a P2P program was dangerous... but i was hearing a lot abt file sharing, and wanted to see what all that was abt. heard that limewire was a popular tool for doing these sort of stuff.. so thought id give it a try ( if i dont like it .. would just uninstall it.. problm solved!! ) .. BAADD DECISION ! :(

somjit{} 60 Junior Poster in Training Featured Poster

Spigot, what is this program?

im sry, but i really have no idea what this program is. i dont remember installing anything like this, or using it. even the name sounds fishy...

somjit{} 60 Junior Poster in Training Featured Poster

I have sent gerbil a message to ask that he take a look. Don't do any more downloading or backing up until he can take a good look at all of this.

ok.. thanks a lot :) and to be honest i had no idea abt such infections before this. this problem is a real pain.. but at least im learning something new from this. better to look on the positive side of things...

somjit{} 60 Junior Poster in Training Featured Poster

i tried once more... its now saying that "Firefox can't find the server at support.kaspersky.com."

somjit{} 60 Junior Poster in Training Featured Poster

but sality is not showing on the logs anymore.. does that mean sality has been deleted? i would do the sality killer run if i could get that page open.. but its not loading !

somjit{} 60 Junior Poster in Training Featured Poster

since you didn't run all the programs requested by gerbil, namely the Salitykiller program

its not like i didnt do it, i couldnt do it...

somjit{} 60 Junior Poster in Training Featured Poster

gerbil said that these viruses attack executable processes..
in my e drive, i have a copy of my c drive program files... i forgot to mention that.. and some programs are installed on the f drive as well. can that be a reason for infections showing up on all drives?

somjit{} 60 Junior Poster in Training Featured Poster

power just went off!! :( im running on ups r8 now. no i dont get any error message, just it keeps loading.. thats all.. but nothing gets displayed. ill get back to you when power comes back again. sry :( and i did another mbam scan.. it again showed 12 infections.
here is the log...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6082

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/17/2011 9:03:38 AM
mbam-log-2011-03-17 (09-03-38).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 269223
Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Administrator\Local Settings\Temp\winuifqgb.exe (Spyware.PWS) -> Delete on reboot.

somjit{} 60 Junior Poster in Training Featured Poster

by access to another computer.. well i sometimes get stuff from my frnds computer, songs, movies etc, but thats about it.

when i click on the link on those sites in firefox, a new tab opens showing "loading" but thats all, nothing gets displayed in that tab... just it keeps loading and loading...

somjit{} 60 Junior Poster in Training Featured Poster

by change i mean shifting to win xp..

somjit{} 60 Junior Poster in Training Featured Poster

on the e drive, i have songs, videos, as well as the setup files of the programs. the f drive has things related to my studies, wordfiles, pdf files etc, d-drive is the dvd drive, and the f drive is more or less empty. it just has a backup image of the win7 machine i used earlier, but changed it because a lot of programs dont run there.

somjit{} 60 Junior Poster in Training Featured Poster

i couldnt do that.. the site gerbil said, that wont load.. i tried to do that, but its the same problem as with the jotti site, or the eset site u gave me. they wont load!

somjit{} 60 Junior Poster in Training Featured Poster

here is the mbam log....

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6082

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/17/2011 8:27:09 AM
mbam-log-2011-03-17 (08-27-09).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 268999
Time elapsed: 19 minute(s), 52 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1500 -> Unloaded process successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 192 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:

somjit{} 60 Junior Poster in Training Featured Poster

Looks pretty good!

you dont know how much that lifts me up!! :) i prayed more than a couple of times before running combofix, and didnt go to college to hear a reply from you!! really feeling good r8 now, and cant thank u enough for keeping up with me and my problems for the last two days!

as regards those programs you wanted me to remove, i did them all, but couldn't find "Java Auto Updater" in the list. although i did remove "Java(TM) 6 Update 18"

ill do the update, n the scans u said, the next post will have the logs.
thanks again :)

somjit{} 60 Junior Poster in Training Featured Poster

Battery backup - Prevents losing the data stored in the RAID cache (short term memory) in the event of a power cut. If a battery isn't installed anything not yet written to the physical hard drive will be lost.

if i have a ups, then will that do the work that a battery backup is/was supposed to do?

somjit{} 60 Junior Poster in Training Featured Poster

dhonnobad :)

haha!! welcome to daniweb bhai!! er.. rather dada :D !!

somjit{} 60 Junior Poster in Training Featured Poster

here is the combofix log..... (feeling really good r8 now!! :):) )


ComboFix 11-03-15.03 - Administrator 03/16/2011 21:23:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1336 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\docume~1\ADMINI~1\LOCALS~1\Temp\jna2934518254239686697.dll
c:\documents and settings\Administrator\Local Settings\Temp\jna2934518254239686697.dll
c:\program files\IObit Toolbar\IE\4.1\ioBIttoolbarie.dll
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
C:\rlgb.pif
c:\windows\system32\drivers\cvwgex.sys
E:\Autorun.inf
F:\autorun.inf
G:\autorun.inf
G:\rrhw.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
-------\Legacy_cvwgex
-------\Service_cvwgex
.
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-16 15:02 . 2011-03-16 15:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine
2011-03-16 15:02 . 2011-03-16 15:02 -------- d-----w- c:\program files\ConduitEngine
2011-03-16 15:02 . 2011-03-16 15:02 -------- d-----w- c:\program files\Softonic-Eng7
2011-03-16 15:00 . 2011-03-16 15:00 -------- d-----w- c:\program files\VirusTotalUploader2
2011-03-14 03:44 . 2011-03-14 03:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2011-03-14 03:44 . 2011-03-14 03:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Toolbar4
2011-03-09 03:21 . 2004-08-03 19:26 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-09 03:21 . 2001-08-17 17:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-09 03:21 . 2004-08-03 17:28 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-09 03:21 . 2004-08-03 17:28 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-06 15:50 . 2011-03-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-06 15:50 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 15:50 . 2011-03-06 …

somjit{} 60 Junior Poster in Training Featured Poster

sorry... ok ill do that.

somjit{} 60 Junior Poster in Training Featured Poster

ok.. when i click on the link, the page doesnt load, but however, i did a google search, n a page http://virustotal-uploader.en.softonic.com/ did load. its about the virus total uploader. will this help?

somjit{} 60 Junior Poster in Training Featured Poster

um.. yeah. is that unusual? i tried 3-4 times.. but that site wont load. ok im trying this one out...

somjit{} 60 Junior Poster in Training Featured Poster

i tried both firefox and IE, but that site isnt loading! its just stuck there. is it because of the virus?

somjit{} 60 Junior Poster in Training Featured Poster

i was a bit scared to open my computer yesterday.. so the late reply, ok, im doing it .. thanks for keeping up with me.. :)

somjit{} 60 Junior Poster in Training Featured Poster

delete C:\rlgb.pif and c:\windows\system32\drivers\cvwgex.sys

i deleted the first, but windows is showing a message that it cannot delete c:\windows\system32\drivers\cvwgex.sys.

starting to get a bit worried to be honest.. nothing like this has happened to me before! :(

somjit{} 60 Junior Poster in Training Featured Poster

im posting the mbr log below....


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB7EAF000 cvwgex.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E90000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E6A000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7E52000 atapi.sys
0xB7E2D000 nvgts.sys
0xB7E15000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DF6000 fltMgr.sys
0xB7DE4000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7DCD000 KSecDD.sys
0xB7D40000 Ntfs.sys
0xB7D13000 NDIS.sys
0xB7CF8000 Mup.sys
0xB8308000 \SystemRoot\system32\DRIVERS\processr.sys
0xB7C46000 \SystemRoot\system32\DRIVERS\parport.sys
0xB85DA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8318000 \SystemRoot\system32\DRIVERS\serial.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB7C23000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB7BFE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8138000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB7B14000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7AF1000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7341000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB732D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB87C3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7CCC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7316000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7265000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8418000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8430000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6F74000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8298000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6EA0000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB82A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xADB16000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8606000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xADB06000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

somjit{} 60 Junior Poster in Training Featured Poster

i ran mbr check.. but i had to do it using IE, as firefox gave that same message "Error while unpacking program, code LP5. Please report to author" and didnt open this site. just thought i let u know..

somjit{} 60 Junior Poster in Training Featured Poster

*off ... spelling check!!

somjit{} 60 Junior Poster in Training Featured Poster

turn off your Antivirus, Antispyware and Firewall for the duration of this scan.

i dont have any antivirus now, n iv turned avg anti spyware off. but iv heard that windows has its own firewall, do i need to turn that of? if so.. please let me know how to do that as i havent done that before.

somjit{} 60 Junior Poster in Training Featured Poster

im planning to buy this years release of kaspersky AV. if i install n run it on my computer, will that kill the sality virus? since u mentioned kaspersky labs, so im asking this.. the caution warning u gave abt combofix really is scary... especially as im not much of any geek etc. iv had kaspersky for one year, n i didnt have any problms.. just in one month that im going without an antivirus that so much damage has been made to my computer!

somjit{} 60 Junior Poster in Training Featured Poster

Save your data files to cd, don't save any executables, even possibly desirable ones such as application installers.

by executables, do u mean setup files?

and ccleaner isnt running... it just shows an error message saying R6002 floating point support not loaded.

and how do i turn system restore off? i dont know how to do that. about two days ago, i tried to restore my computer to an earlier point, but it didnt happen.. i got a message saying that the windows wasnt able to restore my computer to the chosen earlier time period. and since then im getting that problem iv mentioned -
Error while unpacking program, code LP5. Please report to author

somjit{} 60 Junior Poster in Training Featured Poster

here are the dds logs.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 14:33:00.50 on Mon 03/14/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1371 [GMT 5.5:30]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\winamp installed\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"C:\WINDOWS\System32\svchost.exe"
"C:\WINDOWS\System32\svchost.exe"
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mvbwd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\batrq.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.1\iobitToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.1\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: RealPlayer Download …

somjit{} 60 Junior Poster in Training Featured Poster

here are the problems that iv been facing lately:

1. ccleaner, picasa, speccy etc dont run, they just show an error message saying " runtime error, R6002 floating point support not loaded"

2. the acrobat window crashes on opening, so i have to open pdf files through adobe reader only.
however, acrobat distiller, n photoshop etc are working fine.

3. a few days earlier, i got some error message that said something like a display driver had stopped working, n my screen had turned into a mosaic of chunky multicolored pixels!! that really scared me.. i did a restart and fortunately there hasnt been a repeat of that till now!

4.when i open windows task manager, and go to "performance", i see commit charge higher than 500mb even while im not doing anything. is this normal? i think it used to be lower earlier..

5. this is the latest addition to my list of problems..
i have DAP (download accelerator plus) as my download manager, and on windows startup, it used to open a small window, which doesnt open now, but i get a error message saying " Error while unpacking program, code LP5. Please report to author."

i hope these descriptions of the problems will be of some help to you.. next post will have the dds logs.

somjit{} 60 Junior Poster in Training Featured Poster

these are the gmer logs..

.................. GMER ONE...............


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-14 10:22:07
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 WDC_WD50 rev.05.0
Running: 8r6uw5xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B2CC98
Device \Driver\Tcpip \Device\Ip 89954110
Device \Driver\Tcpip \Device\Tcp 89954110
Device \Driver\Tcpip \Device\Udp 89954110
Device \Driver\Tcpip \Device\RawIp 89954110

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

.............. GMER TWO...............


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-14 11:12:05
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 WDC_WD50 rev.05.0
Running: 8r6uw5xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xB0C048AC] <-- ROOTKIT !!!
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xB0C04812] <-- ROOTKIT !!!

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B2CC98
Device \Driver\Tcpip \Device\Ip 89954110
Device \Driver\Tcpip \Device\Tcp 89954110
Device \Driver\Tcpip \Device\Udp 89954110
Device \Driver\Tcpip \Device\RawIp 89954110
Device \Driver\Tcpip \Device\IPMULTICAST 89954110

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] cvwgex <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@bzhpzpkwn -1153440622
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cvwgex@Group Boot Bus Extender
Reg …

somjit{} 60 Junior Poster in Training Featured Poster

and... the instructions in the read me thread said to disconnect from the net while the scans were running, that's why it took me this long to reply.. sorry. n i'm from kolkata, India. its about 11-30 in the morning here... so ill be back in the evening then..

somjit{} 60 Junior Poster in Training Featured Poster

thanks for all the support.:)

somjit{} 60 Junior Poster in Training Featured Poster

okay.. im doing the new scans. i did those scans some days back... ill start with the gmer scan, n post the logs as soon as its done.

somjit{} 60 Junior Poster in Training Featured Poster

thanks for the support :) i have the softwares mentioned in that sticky, n also the logs, but do u want me to post the old ones or do a new scan right now n post the logs for those?
thanks a lot for ur time :)

somjit{} 60 Junior Poster in Training Featured Poster

thanks :)
n yes.. a paid version. im planning to buy one today, the one that i had earlier had expired some time back. my computer is showing a lot of problems..

actually, this is what i was thinking of doing->

first use this av to scan my computer,
then back it up, n do a reformat n a fresh install.. i think my computer is infested with a lot of malware :( so i was thinking of this reformat.

but since u are here.. i would be really grateful if u could help me out with some of these problems im having???
i could give u all the logs as well if u need them. :)

but,anyways thanks a lot for the above suggestion:)

somjit{} 60 Junior Poster in Training Featured Poster

hi everyone :) i have this question to ask regarding a ONE-USER ANTIVIRUS..

if i have one such antivirus installed in my computer, and then if i reformat my entire disk, then will i be able to reinstall that anti-virus from its cd after iv made a fresh install?

thanks :)
somjit{}

somjit{} 60 Junior Poster in Training Featured Poster

hi there sturdy :) im sure u'll learn a lot from daniweb, so keep visiting frm time to time, chances are something new will definitely be there for u to check out each time u visit.
im new here as well, n i love this place :) hope u do too :)

cheers:)
somjit{}

somjit{} 60 Junior Poster in Training Featured Poster

Unfortunately, these methods are getting not true MAC address

try this:
go to the command prompt n type

ipconfig<space>/all

this should tell u ur true hardware mac address.. it worked for me, the mac address will be given under something like "physical address"..

cheers :)
somjit{}

somjit{} 60 Junior Poster in Training Featured Poster

here are the logs that were mentioned in the thread http://www.daniweb.com/forums/thread134865.html ..

1> .........GMER log..........

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 21:17:24
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 WDC_WD50 rev.05.0
Running: 8r6uw5xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyraog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xB86F18AC]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xB86F1812]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 78

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{A8DA50EA-9289-4A52-B7E3-4DE70B91F5FD}\RP48\A0104020.exe 667714 bytes executable
File C:\System Volume Information\_restore{A8DA50EA-9289-4A52-B7E3-4DE70B91F5FD}\RP48\A0104021.exe 262144 bytes
File C:\System Volume Information\_restore{A8DA50EA-9289-4A52-B7E3-4DE70B91F5FD}\RP48\A0104023.exe 0 bytes
File C:\System Volume Information\_restore{A8DA50EA-9289-4A52-B7E3-4DE70B91F5FD}\RP48\A0104024.exe 0 bytes

---- EOF - GMER 1.0.15 ----


2>.......Malwarebyte's Antimalware log.......


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5974

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/6/2011 10:30:16 PM
mbam-log-2011-03-06 (22-30-16).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 302632
Time elapsed: 53 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 64

Memory Processes Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1716 -> Not selected for removal.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 1940 -> Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

somjit{} 60 Junior Poster in Training Featured Poster

But that's the Achilles' heel of the Intel CPU, it doesn't deliver three times the performance of the AMD and so falls behind in terms of the power:cost ratio.

this goes for even the lower budget processors from intel...
iv seen most of my frnds buying the intel dual core or the core2duo( E7200 or E7400) range just from the name of it... but a similarly priced processor from AMD like the Athlon X2 series packs a better performance than a higher priced core2duo E7### range. Its 2000MHz external bus frequency helps in providing performance that is on par with, or even better than their intel counterparts, who sport a max of 1066 MHz external Bus frequency( for the E7400). For most of us who are on a budget n want the maximum value for money, drop intel n go for AMD :)

somjit{}
:)

somjit{} 60 Junior Poster in Training Featured Poster

PS: I'll be making a nice donation to the cause, in thanks to you for your outstanding bedside manner dealing with a crusty old man who's trying to keep up.

hey mister goldeneagle4444... im a 20 yr old, n i too had a hard 30 mins keeping with this thread..
but it was worthwhile.. gr8 job philliephan, i would like to think that i gained some knowledge from this thread... :) hope to someday solve problems like this on my own, n be of help as well... :)
thanks for posting ur problm here goldeneagle4444, n once again.. gr8 job philliephan!!
cheers :)
somjit{}

somjit{} 60 Junior Poster in Training Featured Poster

when i click to open ccleaner, or speccy, or picasa from the desktop shortcut... it opens for a few seconds n then a pop up window shows up, saying -
"Runtime error!
program: C:\program files\speccy\speccy.exe

R6002
-floating point support not loaded"

i did a few google search relating to this R6002 error... i didnt find anything that i could use properly.... a few pages described abt this being a problem with microsoft visual c .. but no methods to HOW TO SOLVE THIS PROBLEM :(
previously i had windows 7, but then i changed back to xp as a lot of programs didnt run there... n iv been facing this problem ever since :'( cant understand whats wrong with my system... PLEASE HELP ME OUT...

with regards;
somjit{}

somjit{} 60 Junior Poster in Training Featured Poster

Yes, You can better as i feel
You have talent but Dost I am also New in this line

thanks Niraj :)... n hey did u post ur intro here as well? would like to see it:)

somjit{} 60 Junior Poster in Training Featured Poster

Name: Somjit Nag
from: Kolkata, India.

what i do: i'm a 2nd year b.tech student doing my degree in electronics and communication engg.
college: budge budge institute of technology.
school: Nava Nalanda.

things i like: music, facebook, chatting with frnds and computer hardware.

hobbies: photography,n again..chatting..:)

music: linkin park, u2, metallica, john mayer, pink floyd, james blunt, enrique iglesias,... soft rock, melody, love songs...etc.
also bengali(or BANGLA)rock.>> fossils, lakhichara, cactus n many more.

sports: cricket, football, swimming, cycling.

can play the guitar with somewhat skill:$ ....this a hobby too.

things i wish to accomplish in the future: be an awesome programmer, know my subject in detail..like the teachers i respect. play guitar like the people i listen to,

also.. wish i get a girlfriend in the not so far future!!!:$:)

AND NOW...a final few words(don't know how else i can describe this):

right now>i don't know much about programming and code and other IT stuff that most of the members here may know.:( as of now just learning c ...data structures linked lists n all.
hoping to learn a lot from daniweb..:)that's the main reason for me joining. also hoping that i can start contributing within a short time.:)

hope ull see a lot of me in the future!! \m/...\m/ hehe!!:):D